Open
Description
https://github.com/simonw/til/blob/master/tailscale/lock-down-sshd.md suggests binding the SSH daemon to the WireGuard (Tailscale) interface address only. On its own, this is not an access control. Linux implements the weak host model: an address that is configured on any local interface is accepted on every interface, not only the one it belongs to. A packet that arrives on a non-WireGuard interface (e.g., eth0) with the WireGuard interface's IP as its destination is delivered to the SSH daemon, and the daemon's replies are routed back out through eth0. WireGuard never sees the traffic, so the binding is bypassed. All the attacker needs is a way to get such a packet to the host, for example a static route on the same LAN segment that points the WireGuard address at the host's eth0 address, or an upstream router that forwards it. The related sysctl is rp_filter (reverse-path filtering), but note that it checks the source address, not the destination. See https://lwn.net/Articles/806546/ for background on the weak host model.
Mitigations:
- Don't rely on VPNs as the primary security mechanism. Use application level security (well-configured and hardened SSH daemon) as the primary security mechanism. VPNs are fine for defense in depth.
- If you want to rely on the VPN as the primary security mechanism, add firewall rules that drop packets addressed to the WireGuard IP when they arrive on any other interface, and accept the SSH port only from the WireGuard interface. Tightening the rp_filter sysctls (net.ipv4.conf.*.rp_filter = 1) helps only against packets whose source address is spoofed from the WireGuard subnet: the reverse-path check looks at where the source would be routed, so a packet sent from the attacker's real address on eth0 still passes.
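The firewall-rule mitigation above, as an added example (not from the issue or the linked TIL). It generates an nftables ruleset that closes the weak-host-model path for sshd: the WireGuard address is only reachable via the WireGuard interface, and the SSH port is only accepted from that interface. The interface name wg0, the address 100.64.0.5 and port 22 are assumed placeholders; the `apply` and `check` modes are this script's own, and an IPv6 WireGuard address would need a parallel `ip6 daddr` rule.

```shell
#!/bin/sh
# Added example: pin sshd to the WireGuard interface at the packet-filter level.
# Assumed (hypothetical) values; override via environment variables.
WG_IF="${WG_IF:-wg0}"
WG_ADDR="${WG_ADDR:-100.64.0.5}"
SSH_PORT="${SSH_PORT:-22}"

# Emit an nftables ruleset that:
#  1. keeps loopback working (a local "ssh $WG_ADDR" would otherwise be dropped),
#  2. drops any packet for the WireGuard address that did not arrive on $WG_IF
#     (this is the rule that defeats the weak host model delivery),
#  3. accepts SSH only when it arrived on $WG_IF,
#  4. resets SSH on every other interface, whatever the destination address.
gen_nft_ruleset() {
  wg_if=$1
  wg_addr=$2
  ssh_port=$3
  cat <<EOF
table inet ssh_wg_only {
  chain input {
    type filter hook input priority 0; policy accept;
    iifname "lo" accept
    iifname != "$wg_if" ip daddr $wg_addr counter drop
    iifname "$wg_if" tcp dport $ssh_port accept
    tcp dport $ssh_port counter reject with tcp reset
  }
}
EOF
}

# Syntax-check the generated ruleset with nft's dry-run mode, if nft is installed.
check_ruleset() {
  if command -v nft >/dev/null 2>&1; then
    gen_nft_ruleset "$WG_IF" "$WG_ADDR" "$SSH_PORT" | nft -c -f -
  else
    echo "nft not installed; skipping syntax check" >&2
  fi
}

# Load the ruleset into the running kernel (requires root).
apply_ruleset() {
  gen_nft_ruleset "$WG_IF" "$WG_ADDR" "$SSH_PORT" | nft -f -
}

case "${1:-}" in
  apply) apply_ruleset ;;
  check) check_ruleset ;;
  *)     gen_nft_ruleset "$WG_IF" "$WG_ADDR" "$SSH_PORT" ;;
esac
```

To confirm the bypass and the fix, from another host on the same LAN segment route the WireGuard address at the target's eth0 address (`ip route add 100.64.0.5/32 via <target eth0 IP>`) and run `nc -vz -w 3 100.64.0.5 22`. Before the ruleset is loaded the connection succeeds even though sshd is "bound to wg0 only"; after `sh this-script.sh apply` it is dropped. The `counter` keywords let `nft list ruleset` show how many such packets were seen.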
Metadata
Assignees
Labels
No labels